Skip to main content

5 Quick Tips for IT Compliance & Data Security During COVID-19

Business people working in conference room

Maintaining effective internal controls during remote operations relies heavily on effective IT General Controls, cybersecurity safeguards, and data privacy. Remote work environments create new risks for companies, as management attempts to navigate a new digital reality using a virtual workforce. It is critical that management plan ways to mitigate IT risks in this new environment.

Here are five quick tips to ensure you meet IT Compliance & Data Security requirements during a pandemic:

REINFORCE IT POLICIES AND PROCEDURES

It is important to remind users of their responsibility regarding effective IT controls and behaviors. Many companies are taking time to re-train and reinforce IT security expectations to their employees.

FOCUS ON MAINTAINING EFFECTIVE ACCESS CONTROLS

Make sure to document all approvals for system access (even if just via email) and remove access quickly when no longer needed. Companies are seeing an influx of system access requests, as users need to login to systems remotely or may need to access new systems to help fill resource gaps.

CONSIDER TESTING IT GENERAL CONTROLS EARLIER IN THE FISCAL YEAR

Due to the high volume of change occurring in IT environments, the likelihood of IT control failure increases. Testing controls earlier in the year will provide more time to remediate prior to year-end.

PROTECT CONFIDENTIAL INFORMATION AND DISPOSE OF IT WHEN NO LONGER NEEDED

It is important to protect confidential company information when accessing it outside of the office. Don’t use personal email accounts for business purposes, since they are not typically as secure as your business email account. Store hard copy documents in a secure physical location, and make sure to dispose of documents securely using best practices when finished. Don’t share or write down passwords, where they may become compromised. Instead, go through the proper access control process to request a new account and obtain approval.

ENCRYPT YOUR DATA

Home networks may not have the same level of security as corporate networks. It is important to secure home wireless networks and avoid public wi-fi. Enabling wi-fi network encryption at home is simple, and there are numerous online tutorials. Also, when using online tools to conduct business, make sure they are approved by company IT and have HTTPS/SSL encryption enabled (Tip: look for HTTPS in the website URL, instead of HTTP).

Bonus Tip: Train employees on the latest attacks

Beware of COVID-19 phishing attempts and other scams. Phony email messages, phone calls, and other communications are becoming increasingly common, attempting to steal payment and other information from victims. Inform employees to watch for suspicious emails or other communication and provide them with examples.

Bringing it all together

Remote operations create a new level of complexity and new challenges for IT internal control stakeholders. Additional IT requirements, new physical work environments (home offices), and distributed technology open the door for control failures and external cyberattacks. However, this also presents an opportunity to strengthen controls and enable new modes of operation that could benefit your company in the future. By continuing to focus on established policies and security best-practices, companies can overcome the compliance obstacles presented by remote work and emerge even stronger.

As you navigate the challenges of IT security and compliance during COVID-19, our IT Risk & Compliance team is here to help. We understand the complexity of technology and can assist with risk assessments, SOX compliance, automation, IT governance, and IT controls. Our core strength is guiding companies through change, and we are ready to jump in. Ready for a solution? Get in touch!

See How to Keep Your Internal Controls Healthy During COVID-19 for five helpful tips to effectively manage internal controls during a pandemic.

Other Helpful Resources:

By

John has deep experience across a multitude of skill sets, including cybersecurity and data protection policies, procedures and best practices, IT audit, security, risk, and compliance.